Communication key to cybersecurity, senator says

(IDG) -- The federal government and U.S. industry must reach a new level of communication and trust in order to prevent cyberterrorists and common hackers from attacking the Internet and other U.S. communication infrastructures, and that might mean new exemptions to the Freedom of Information Act, a senator said Monday.

Sen. Bob Bennett, R-Utah, said the exemptions would ensure the information shared with the government for the purpose of infrastructure protection would also be protected.

"We have to have a new level of communication and trust between all of the users of the Internet, which means government and industry have got to start talking to each other in ways they never have before," Bennett said during a luncheon speech to the Electronic Industries Alliance.

The old practice of a government official casually telling industry they should be more vigilant at their facilities because of suspicious activity won't do, he said.

"We have got to be a whole lot better than that in this modern world of the Internet if we are going to prevent people from coming in and attacking," Bennett said.

The legislation, which Bennett said would be "carefully crafted," would require companies to share with the government information about their systems and fixes in the event of an attack. In turn, the government would make the information available to other companies so that they could solve their problems faster.

Bennett, chairman of the Senate High-Tech Task Force, said he would be turning his attention soon to legislation that would cover the FOIA exemptions, and a bill could be ready for introduction within six weeks. He said it was too early to elaborate on the proposal.

Adding exemptions to the FOIA was discussed in the context of Y2K legislation that Bennett played a roll in passing two years ago. Companies worried then that the FOIA could allow competitors or the news media to obtain information that companies shared with the government. But the exemptions were not included in the legislation.

However, Congress considered it effective that companies were required to detail their Y2K preparedness in their earnings reports, and there now is interest in the legislature to use the same model for cybersecurity, said Bennett, who was chairman of the U.S. Senate Special Committee on the Year 2000 Technology Problem.

The FOIA requires federal agencies to disclose records requested in writing by anyone who wishes to obtain such information. Agencies may withhold information under nine exemptions and three exclusions in the law. News media often use the FOIA to obtain documents, but anyone may request records under the law.

In his talk Monday, Bennett also urged companies to invest in deterrence, saying they will gain a return by making themselves less vulnerable to attack and saving the cost of fixing things later. Throughout his speech, Bennett compared the Internet to the network of roads built throughout the Roman Empire, saying Americans are the modern Romans who benefit greatly from the network, but it must be protected from the barbarians and Visigoths who ultimately sacked Rome.